Difference between revisions of "Creating And Configuring A Remote Server"

From Nick's Personal Wiki
Jump to navigation Jump to search
m (Nick moved page Creating Your Server (Linode) to Creating And Configuring Remote Server: Make page more platform agnostic)
(No difference)

Revision as of 07:05, 19 December 2023

This page should assist with connecting to the server remotely for the first time, initial configuration, and basic hardening of the server to secure it well enough for basic remote use.


Connecting To A Created Server

Using SSH

Connect to the server via SSH using the below standard format, port number (if available), and the root credentials that were created when the server was created (if available): 

ssh root@A.B.C.D:E

Where A.B.C.D is the IPv4 address of your server and E is the port number (if available).


Perform Any Available System Updates

There are likely several updates that need to be performed to bring the system up to date upon creation, use the below:

Ubuntu/Debian

apt update && upgrade

CentOS/RHEL/Fedora

 dnf upgrade


Setting Timezone

New servers are set to UTC by default, use the below to change the timezone to local time if desired.

List the available timezones: 

timedatectl list-timezones

Set the desired timezone: 

timedatectl set-timezone 'TIMEZONE_NAME_FROM_LIST'

Verify timezone has been set: 

 date


Custom Hostname

Setting a hostname can be done using the below: 

hostnamectl set-hostname CUSTOM_HOSTNAME

Try to create something specific, relevant, and memorable.

i.e.

web-01-prod

wiki-01-staging


The terminal may not update right away, and you may need to log out and back in to see the changes reflected.

You can also use the 'hostname' command to see the currently configured hostname without logging out and back in. 

hostname


Creating Non-Root Users

It's not advisable to use the unlimited access of the root account at all times, and the root account should not be permitted to access the server remotely. Create a limited-user account for the day-to-day tasks that will be performed instead using the below:


Ubuntu/Debian

Create the user: 

adduser EXAMPLE_USERNAME

Grant the user sudo privileges: 

adduser EXAMPLE_USERNAME sudo

CentOS/RHEL/Fedora

Create the user and set a password for that user: 

useradd EXAMPLE_USER && passwd EXAMPLE_USER

Grant the user sudo privileges: 

usermod -aG wheel EXAMPLE_USER


Logging In As The New User

Use the exit command to log out of the server, and repeat the steps from 'Connecting To A Created Server' using the credentials for the new user: 

ssh EXAMPLE_USER@A.B.C.D:E

Followed by entering the password set for this user.


Securing SSH Access

Password-less Authentication Using An SSH Key

Accessing the server via SSH with a username and password is not a secure way to access the server.


Existing SSH Key

Within the SSH directory on the local machine, not the remote server machine, locate the existing SSH public key. Typically this is located in: 

/home/EXAMPLE_USER/.ssh/

SSH Keys are created in pairs, the public key will have the '.pub' extension and the private key will have no extension.

The default names will be id_rsa & id_rsa.pub.


Creating An SSH Key Pair

Use one of the below commands to create a new SSH key pair for use with the server:

Basic key creation with no additional options, press 'enter' at each prompt to use the default options: 

ssh-keygen

More advanced key creation with selectable encryption choice and comment for ease of identification later: 

ssh-keygen -t [ENCRYPTION_OPTION] -C "IDENTIFYING NAME/EMAIL"


Uploading SSH Key To Remote Server

Use the below command to 'push' the public key to the server: 

ssh-copy-id EXAMPLE_USER@A.B.C.D:E

Log into the server and there should be no prompt for a password if done correctly, unless there was a passphrase configured for the SSH key pair when being created.


Proper SSH File Permissions

Use the below command to set custom permissions on the below directory/file, restricting access for editing and modifying those files. 

/home/EXAMPLE_USER/.ssh/ directory 
and 
/home/EXAMPLE_USER/.ssh/authorized_keys file

 sudo chmod -R 700 /home/EXAMPLE_USER/.ssh && chmod 600 /home/EXAMPLE_USER/.ssh/authorized_keys


SSH Config File Edits

The below will disable root login from remote computers, globally disable password authentication when accessed remotely, and other SSH config file changes: 

sudo nano /etc/ssh/sshd_config

Locate and set 'PermitRootLogin' to 'no' to disable remote root access.
Locate and set 'PasswordAuthentication' to 'no' to prevent remote password authentication on all users.
Locate and set 'AddressFamily' to 'inet'(IPv4), 'inet6'(IPv6), or comment it out with # for both.

Additionally, the below changes (performed on the LOCAL machine) can be used to make connecting to the remote host simpler: 

sudo nano /home/EXAMPLE_USER/.ssh/config
(This file can be created if it does not yet exist)

Host    SERVER_ALIAS
        HostName A.B.D.C
        User EXAMPLE_USER
        Port E
        IdentityFile /PATH/TO/'''PRIVATE'''/SSH/KEY, probably /home/EXAMPLE_USER/.ssh/id_rsa

Repeat for any additional remote servers that need to be accessed this way.

Then the below command can be used to access the remote host more easily: 

ssh SERVER_ALIAS

instead of: 

ssh EXAMPLE_USER@A.B.C.D:E

Use the below command to restart the SSH service for the changes to take effect: 

sudo systemctl restart sshd

Next Steps

Next steps for configuring this server would be configuring a firewall to control network traffic or configuring Fail2Ban.

Retrieved from "https://nlear.xyz/wiki/index.php?title=Creating_And_Configuring_A_Remote_Server&oldid=15"